On Aug 22, 2010, at 9:27 AM, Robert J. Hansen wrote:

> While I concur with you, Christoph, there's one minor error that should
> probably be corrected:
>
>> No keyserver is a CA...
>
> Most keyservers are CAs, in that the people who run the keyservers have
> signed other people's keys.

Robert, are you really saying what you seem to be saying?

The action of the owners doesn't make a keyserver a CA. That makes the person running the keyserver a CA. If I signed a bunch of keys and put them up on my web server, it wouldn't make my web server a CA. Similarly, if I signed someone's key and gave it to him on a USB stick, it wouldn't make the USB stick a CA.

Most keyservers are a database plus a web server plus a key distribution protocol. It's a storage place for keys. The CA is the person/entity issuing signatures. The method they use to distribute these signatures (be it keyserver, sneakernet, or morse code) does not change that.

The PGP "Global Directory" keyserver, by comparison, is a CA. It issues the signatures, and isn't just storage.

David

_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/sks-devel